[ic] Norton BHO causing session loss
Gert van der Spoel
gert at 3edge.com
Thu Mar 3 20:23:22 UTC 2011
> > Gert said
> > > IC 5.6.3:
> > > FullURL 1
> > > NoAbsolute Yes
> > > MaxServers 5
> > > PIDcheck 300
> > >
> > > Aapche:
> > > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> > > downgrade-1.0 force-response-1.0
> > >
> > > NotRobotUA includes MSIE
> > >
> > > I am seeing people getting a new session ID when travelling to an SSL
> > > encrypted page.
> >
> > This is when they go from NonSSL to SSL for the same site?
>
> Hi Gert
>
> Are you asking if my http & https servers the same server? Yes.
>
> > And after that? Does it keep the session ID or does it keep changing?
>
> I end up with two session ID's, one for http and one for https, and once I
> have them they stay the same. So when on http pages, the session ID is
> always 123, and when on https, it's always ABC, it doesn't keep chaning
> each time I make the transition.
>
> > And when you start directly on SSL does it keep it or does it change?
>
> Interesting, if I arrive on the site in https, I get and keep a single
> session ID, so it works in that respect.
>
So the problem happens the moment someone goes from HTTP to HTTPS for this
website (checkout pages, login pages etc) ... They start out on
http://www.domain.com/ ... happily going, session ID is the same, then
they go do something that requires SSL get directed to
https://www.domain.com/ ... this causes getting a new session ID, which
then stays the same while continuing to surf ... right?
Does the site work with cookies? Or you pass along the session ID in the
URLs everywhere? I assume cookies and perhaps there something goes wrong
when going from http to https ...
CU,
Gert
More information about the interchange-users
mailing list